Use system property for enabling Pebble workarounds

pull/55/head
Richard Körber 2017-05-01 16:17:01 +02:00
parent 1c75d28dae
commit 710e876585
5 changed files with 71 additions and 5 deletions


@ -53,6 +53,7 @@ import org.shredzone.acme4j.exception.AcmeRateLimitExceededException;
import org.shredzone.acme4j.exception.AcmeRetryAfterException; import org.shredzone.acme4j.exception.AcmeRetryAfterException;
import org.shredzone.acme4j.exception.AcmeServerException; import org.shredzone.acme4j.exception.AcmeServerException;
import org.shredzone.acme4j.exception.AcmeUnauthorizedException; import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
import org.shredzone.acme4j.provider.pebble.Pebble;
import org.shredzone.acme4j.util.AcmeUtils; import org.shredzone.acme4j.util.AcmeUtils;
import org.shredzone.acme4j.util.JSON; import org.shredzone.acme4j.util.JSON;
import org.shredzone.acme4j.util.JSONBuilder; import org.shredzone.acme4j.util.JSONBuilder;
@ -185,8 +186,11 @@ public class DefaultConnection implements Connection {
if (session.getKeyIdentifier() != null) { if (session.getKeyIdentifier() != null) {
// TODO PEBBLE: cannot process "kid" yet, send "jwk" instead // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
// https://github.com/letsencrypt/pebble/issues/23 // https://github.com/letsencrypt/pebble/issues/23
// jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier()); if (Pebble.workaround()) {
jws.getHeaders().setJwkHeaderValue("jwk", jwk); jws.getHeaders().setJwkHeaderValue("jwk", jwk);
} else {
jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
}
} else { } else {
jws.getHeaders().setJwkHeaderValue("jwk", jwk); jws.getHeaders().setJwkHeaderValue("jwk", jwk);
} }
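Review bot: The new `if (Pebble.workaround())` branch in the key-identifier path lets a JVM-wide flag decide the JWS header for every connection this class opens, not only those that talk to a Pebble server. With `-Dpebble=true` set, a session that already has a key identifier sends the full `jwk` instead of `kid` to whatever CA it is connected to. Consider deriving the decision from the session or its provider instead of a process-global switch; whether the session exposes enough for that is not visible in this hunk. The comment above the branch is now stale and could read `// TODO PEBBLE: with workarounds enabled, send "jwk" instead of "kid"`. The enclosing method starts and ends outside the hunk.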


@ -0,0 +1,47 @@
/*
* acme4j - Java ACME client
*
* Copyright (C) 2017 Richard "Shred" Körber
* http://acme4j.shredzone.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
package org.shredzone.acme4j.provider.pebble;
import org.slf4j.LoggerFactory;
/**
* Check if Pebble workarounds or strict ACME specifications are to be used.
* <p>
* To enable the Pebble workarounds, pass {@code -Dpebble=true} to the JVM.
* <p>
* Do not use this class. It will be removed.
*/
public final class Pebble {
private static final boolean PEBBLE = Boolean.getBoolean("pebble");
static {
if (PEBBLE) {
LoggerFactory.getLogger(Pebble.class).warn("Pebble workarounds enabled!");
}
}
private Pebble() {
// utility class without constructor
}
/**
* Returns {@code true} to enable Pebble workarounds, {@code false} for strict
* ACME specifications.
*/
public static boolean workaround() {
return PEBBLE;
}
}
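Review bot: `Boolean.getBoolean("pebble")` ties a protocol-altering switch to a short, un-namespaced system property, so any unrelated launcher script or tool that defines `pebble=true` silently moves the client off strict ACME behaviour. A key under the library's own package prefix (`org.shredzone.acme4j…`) would make an accidental match much less likely. Because the value is captured once in the `static final` field `PEBBLE`, the class Javadoc should also state that the property is read at class initialisation and cannot be toggled afterwards. It should add that the "Pebble workarounds enabled!" warning is logged only once, when the class is first loaded.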


@ -77,7 +77,10 @@ public class PebbleAcmeProvider extends AbstractAcmeProvider {
@Override @Override
public JSON directory(Session session, URI serverUri) throws AcmeException { public JSON directory(Session session, URI serverUri) throws AcmeException {
JSON json = super.directory(session, serverUri); JSON json = super.directory(session, serverUri);
return JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\"")); if (Pebble.workaround()) {
json = JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
}
return json;
} }
} }
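Review bot: The workaround in `directory` still renames the key with a text replace on the serialized document, `json.toString().replace("\"new-reg\"", "\"new-account\"")`. That rewrites every quoted `new-reg` token the server returns, including one that appears as a string value and not as a key. Since the directory is server-supplied data, renaming the single key on the parsed structure would be more precise than a global substitution; whether `JSON` offers a way to do that is not visible here. A `// TODO PEBBLE:` marker on the new `if`, as used in `DefaultConnection`, would also make this workaround easy to find when the flag is removed.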


@ -617,8 +617,7 @@ public class DefaultConnectionTest {
expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"'); expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
expectedHeader.append('}'); expectedHeader.append('}');
// TODO PEBBLE: cannot process "kid" yet, send "jwk" instead assertThat(header, sameJSONAs(expectedHeader.toString()));
// assertThat(header, sameJSONAs(expectedHeader.toString()));
assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}")); assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(signature, not(isEmptyOrNullString())); assertThat(signature, not(isEmptyOrNullString()));
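Review bot: The re-enabled `assertThat(header, sameJSONAs(expectedHeader.toString()));` only holds when the `pebble` system property is unset in the JVM that runs the unit tests, and nothing in this hunk covers the branch where the workaround sends `jwk` for a session with a key identifier. Because `Pebble` caches the property in a static final field, a test cannot flip it per case, so the workaround path is presumably exercised only by the integration tests configured with `<pebble>true</pebble>`. A short comment above the assertion, e.g. `// requires -Dpebble to be unset; the Pebble workaround sends "jwk" here`, would explain a failure to someone who runs the suite with the flag on. The test method starts and ends outside the hunk.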


@ -124,6 +124,19 @@
</images> </images>
</configuration> </configuration>
</plugin> </plugin>
<!-- TODO PEBBLE: remove -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.20</version>
<configuration>
<systemPropertyVariables>
<pebble>true</pebble>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins> </plugins>
</build> </build>